Certificate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 24: | Line 24: | ||
##; certbot -apache -d mydomain.com -d mail.mydomain.com | ##; certbot -apache -d mydomain.com -d mail.mydomain.com | ||
##: Add to Apache Virtual | ##: Add to Apache Virtual | ||
## | ### SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem | ||
## | ### SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem | ||
## | ### SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem | ||
##: Add to Dovecot | ##: Add to Dovecot | ||
## | ### ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem | ||
## | ### ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem | ||
##: Add to Qmail | ##: Add to Qmail | ||
## | ### cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak | ||
## | ### cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem | ||
##: Springdale, Rocky, Alma Linux 9 may need the private key last | ##: Springdale, Rocky, Alma Linux 9 may need the private key last | ||
## | ### cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem | ||
##: Let's Encrypt auto renewal | ##: Let's Encrypt auto renewal | ||
## | ##: Add to cron nightly renew of certs (These certificates expire every 3 months) | ||
## | ### 0 0 * * * /opt/certbot/certbot-auto renew #CentOS 6 | ||
## | ### 0 0 * * * /opt/certbot/certbot renew #CentOS 7 |
Revision as of 10:18, 20 March 2024
Security Certificate
To configure a SSL certificate for TLS and/or SSL over SMTP:
- Abstract: Create Certificate
- Generate key
- Generate signing request
- Sign the key
- Create server certificate
- Set permission
- Set owner
- Copy into place
- Restart services
- Self-Signed Certificate
- openssl genrsa -out x.key 2048
- openssl req -new -key x.key -out x.csr
- openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
- cat x.crt x.key > servercert.pem
- chmod 644 servercert.pem
- chown root:qmail servercert.pem
- cp -p servercert.pem /var/qmail/control
- Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
- yum install python-certbot-apache
- certbot -apache -d mydomain.com -d mail.mydomain.com
- Add to Apache Virtual
- SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
- Add to Dovecot
- ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
- ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
- Add to Qmail
- cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
- cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem
- Springdale, Rocky, Alma Linux 9 may need the private key last
- cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem
- Let's Encrypt auto renewal
- Add to cron nightly renew of certs (These certificates expire every 3 months)
- 0 0 * * * /opt/certbot/certbot-auto renew #CentOS 6
- 0 0 * * * /opt/certbot/certbot renew #CentOS 7